Go to main content

Oracle^® Rack Universal Power Distribution Unit User's Guide

Exit Print View

» ...Documentation Home » Oracle Rack Cabinet 1242 Documentation Library » Oracle^® Rack Universal Power ... » Command Line Interface » Configuring Security » Managing Role-Based Access Control Rules » Add a Role-Based Access Control Rule

Updated: May 2019

Oracle^® Rack Universal Power Distribution Unit User's Guide

Document Information

Using This Documentation

Preparing for Installation

Installing HPDUs In To an Oracle Rack

Initial Configuration

Command Line Interface

About the Interface

Log In to CLI with HyperTerminal

Log In to CLI with SSH or Telnet

Log In to CLI with an Analog Modem

Different CLI Modes and Prompts

Closing a Local Connection

The Help (?) Command for Showing Available Commands

Querying Available Parameters for a Command

Show Information

Clear Event Log

Configure the HPDU Device and Network

Using HPDU Configuration Commands

Change the HPDU Name

Enable or Disable Data Logging

Set Data Logging Measurements Per Entry

Specify the Device Altitude

Set the Z Coordinate Format for Environmental Sensors

Using Network Configuration Commands

Configure IPv4 and IPv 6 Parameters

Set the IPv4 and IPv6 Preferred Host Name

Set the IPv4 and IPv6 Address

Set the IPv4 and IPv6 Gateway

Set the IPv4 and IPv6 Static Routes

Configuring DNS Parameters

Configure DNS Parameters

Setting the LAN Interface Parameters

Enable or Disable the LAN Interface

Change the LAN Interface Speed

Change the LAN Duplex Mode

Create an EAP CA Certificate

Setting the Network Service Parameters

Set the HTTP Port

Set the HTTPS Port

Changing the Telnet Configuration

Enable or Disable Telnet

Change the Telnet Port

Changing the SSH Configuration

Enable or Disable SSH

Change the SSH Port

Determine the SSH Authentication Method

Setting the SNMP Configuration

Enable or Disable SNMP v1/v2c

Enable or Disable SNMP v3

Set the SNMP Read Community

Set the SNMP Write Community

Set the sysContact Value

Set the sysName Value

Set the sysLocation Value

Changing the Modbus Configuration

Enable or Disable Modbus

Enable or Disable the Read-Only Mode for the Modbus Agent

Change the Modbus Port

Enabling or Disabling Service Advertising

Enable or Disable Service Advertising

Configuring the System Date and Time

Configure the Time Setup Method

Set NTP Parameters

Customize the Date and Time

Set the Time Zone

Set the Automatic Daylight Saving Time

Check the Accessibility of NTP Servers

Configuring Security

Manage Firewall Control Parameters

Managing Firewall Rules

Add a Firewall Rule

Modify a Firewall Rule

Delete a Firewall Rule

Restricted Service Agreement

Enable or Disable the Restricted Service Agreement

Specify the Agreement Content

Login Limitation

Specify the Single Login Limitation

Set Password Aging

Set Password Aging Interval

Set Idle Timeout

Strong Passwords

Enable or Disable the Strong Password Option

Set the Minimum Password Length

Set the Maximum Password Length

Set the Lowercase Character Requirement

Set the Uppercase Character Requirement

Set the Numeric Character Requirement

Set the Special Character Requirement

Set the Maximum Password History

Setting Role-Based Access Control

Modify Role-Based Access Control Parameters

Managing Role-Based Access Control Rules

Add a Role-Based Access Control Rule

Modify a Role-Based Access Control Rule

Delete a Role-Based Access Control Rule

Enable or Disable Front Panel Actuator Control

Inlet Configuration Commands

Change the Inlet Name

Enable or Disable an Inlet (for Multi-Inlet HPDUs)

Overcurrent Protector Configuration Commands

Change the Overcurrent Protector Name

User Configuration Commands

Create a User Profile

Modifying a User Profile

Change a User Password

Modify a User's Personal Data

Enable or Disable a User Profile

Force a Password Change

Modify SNMPv3 Settings

Change the Role(s)

Change Measurement Units

Specify the SSH Public Key

Delete a User Profile

Change Your Own Password

Set Default Measurement Units

Role Configuration Commands

Authentication Commands

Determine the Authentication Method

Add an LDAP Server

Copy the Settings from an Existing Server

Modify an Existing LDAP Server

Remove an LDAP Server

Radius Settings

Add a Radius Server

Modify a Radius Server

Remove a Radius Server

Server Reachability Configuration Commands

Add a Monitored Device

Delete a Monitored Device

Modify a Monitored Device's Settings

Cisco EnergyWise Configuration Commands

Enabling or Disabling EnergyWise

Specify the EnergyWise Domain

Specify the EnergyWise Secret

Change the UDP Port

Set the Polling Interval

Serial Port Configuration Commands

Set the Baud Rates

Force the Device Detection Mode

Multi-Command Syntax

Unblocking a User

Restarting the HPDU

Resetting Active Energy Readings

Resetting to Factory Defaults

Network Troubleshooting

Entering Diagnostic Mode

Quitting Diagnostic Mode

Using Diagnostic Commands

Tracing the Route

Retrieving Previous Commands

Automatically Completing a Command

Logging Out of CLI

Secure Copy (SCP) Commands

Servicing HPDUs

Language:

Add a Role-Based Access Control Rule

To add a new IPv4 role-based access control rule at the bottom of the IPv4 rules list, at the config:# prompt, type security roleBasedAccessControl ipv4 rule add <start_ip> <end_ip> <role> <policy>, and press Enter.
For example, to add a new IPv4 role-based access control rule, dropping all packets from any IPv4 address between 192.168.78.50 and 192.168.90.100 when the user is a member of the role "admin," and insert the rule above the 3rd rule, at the config:# prompt, type security roleBasedAccessControl ipv4 rule add 192.168.78.50 192.168.90.100 admin deny insertAbove 3, and press Enter. The original 3rd rule becomes the 4th rule.
To add a new IPv6 role-based access control rule at the bottom of the IPv4 rules list, at the config:# prompt, type security roleBasedAccessControl ipv6 rule add <start_ip> <end_ip> <role> <policy>, and press Enter.
To add a new IPv4 role-based access control rule by inserting it above or below a specific rule, at the config:# prompt, type security roleBasedAccessControl ipv4 rule add <start_ip> <end_ip> <role> <policy> <insert> <rule_number>, and press Enter.

To add a new IPv6 role-based access control rule by inserting it above or below a specific rule, at the config:# prompt, type security roleBasedAccessControl ipv6 rule add <start_ip> <end_ip> <role> <policy> <insert> <rule_number>, and press Enter.

<start_ip> is the starting IP address.
<end_ip> is the ending IP address.
<role> is the role for which you want to create an access control rule.

<policy> is one of these options:

allow – Accepts traffic from the specified IP address range when the user is a member of the specified role.
deny – Drops traffic from the specified IP address range when the user is a member of the specified role.

<insert> is one of the options:

Insert	Description
insertAbove	Inserts the new rule above the specified rule number. Then: new rule number = the specified rule number <rule_number> is the number of the existing rule which you want to insert the new rule above.
insertBelow	Inserts the new rule below the specified rule number. Then: new rule number = the specified rule number + 1 <rule_number> is the number of the existing rule which you want to insert the new rule below.

Copyright © 2019, Oracle and/or its affiliates. All rights reserved.